[SURBL-Discuss] Simon's complex redirection

Eric Kolve ekolve at comcast.net
Tue Apr 27 18:03:51 CEST 2004


On Wed, Apr 28, 2004 at 01:26:48AM +0200, Patrik Nilsson wrote:
> At 10:55 2004-04-28 +1200, Simon Byrnand wrote:
> >> It's double-encoded.  We can catch that easily.  But first, my question --
> >> does this *work* in an MUA, ie. should we?  Simon, could you try it?
> >
> >What you get is the image preview in google which consists of an image in
> >the top frame, and the page that it came from in the bottom frame, and in
> >the bottom frame was a link "click here for ......." so yes it definitely
> >does work...
> 
> I guess this is a 'framer' rather than a redirector.
> A url that points to a frameset that loads an external page specified in 
> the query url in one of the frames.

I think this is a case where we can only catch such a case by
parsing the path for things that look like a url since we won't 
get any valuable information based on the GET itself.


--eric


> 
> For all practical purposes it's similar to a redirector, but with 
> complications.
> 
> The http response code from a GET request using the url will not indicate 
> that it's a redirector.
> 
> For a user loading the page in a browser, the address of the spamvertized 
> website will not be visible in the location bar.
> 
> For some spammers, this would probably be preferred over traditional 
> redirectors.
> 
> Patrik 

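The approach discussed in this thread (scan the path and query of a URL for anything that looks like a URL, after undoing double encoding, instead of relying on the GET response), as an added example that is not code from the thread or from any SURBL client. The function names, the decode-round limit and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: bounds work on hostile input, covers double encoding

# An absolute http(s) URL or a bare "www." host embedded in other text.
# '%' and '&' end a match so partially decoded layers and query separators
# do not leak into the parsed host name.
EMBEDDED = re.compile(r"(?:https?://|www\.)[^\s\"'<>&%]+", re.IGNORECASE)


def decode_layers(text, rounds=MAX_DECODE_ROUNDS):
    """Yield text, then each successive percent-decoding until it stops changing."""
    yield text
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            return
        text = decoded
        yield text


def embedded_hosts(url):
    """Return hosts named inside the path/query/fragment of url, outer host excluded."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    tail = parts.path + "?" + parts.query + "#" + parts.fragment
    hosts = []
    for layer in decode_layers(tail):
        for match in EMBEDDED.finditer(layer):
            candidate = match.group(0)
            if not candidate.lower().startswith("http"):
                candidate = "http://" + candidate
            try:
                host = (urlsplit(candidate).hostname or "").lower()
            except ValueError:  # malformed authority, e.g. unbalanced brackets
                continue
            if host and host != outer and host not in hosts:
                hosts.append(host)
    return hosts
```

The returned hosts are the names a filter would check against the blocklist in addition to the outer host of the link.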
